Information Security

continuous infosec

Availability

With a combination of active monitoring, and fault tolerant self-healing technologies our team supports your organization in maintaining a nominal level of performance to resist network, hardware or cloud failures as well as targeted or opportunity based attacks on your information infrastructure.

Integrity

Ensuring your data remains authoritative requires careful control of access and associated data pipelines. An appropriate security architecture will provide a level of assurance that your databases and applications can be relied upon to be accurate and whole.

Confidentiality

We work with your development teams or augment in place systems with additional control frameworks to reduce or resist data disclosure threats to your applications through a combination of strong access and data exfiltration controls, layered defenses, active monitoring.

Governance

Governance at the organizational level is required to ensure all employees behave according to the requirements of your security architecture. We will work with your executive team to design & implement security policies and security training regimens.

Risk

An organizational risk management strategy strategy assures the unlikely does not become the unexpected.

Through adequate risk management you can protect your organization from both likely and unlikely threats to your business operations. KPI either acts as a technical asset to your existing risk management team or works with your organization to guide the risk management process itself.

Compliance

Compliance with industry or government regulatory environments requires a measured approach regardless of your industry.
Our staff is credentialed to guide you through the process of complying with all necessary regulations when your organization is subject to PCI, PHI, PII, SOX or other standards or state enforced requirements.

Risk Analysis

Ensure your organization targets security in in a measured way which consumer organizational resources in proportion to likelihood and criticality of risks.

KPI can assist you in performing a qualitative risk analysis of your business systems and organizational processes or assist in contracting or understanding the implications of more measured quantitative assessments such as those dictated by NIST SP 800-30 or ISO 27001.

Threat Model

By modeling the threats to your attack or failure surfaces KPI will support your organization in targeting adequate safeguards and countermeasures to resist security incidents.

Policy Development

An adequate security framework requires a set of policies designed to harden your organization against failures due to isolated weaknesses in security posturing. KPI can review, assess or author a set of policies to add assurance to your information security program.

Control Deployment

Security controls often require physical, operational or technical changes to your information infrastructure and may require a wide variety of disciplines to design and deploy. KPI is qualified to implement a wide variety of control types and will ensure all controls are implemented by adequately skilled staff or contractors.

Penetration Testing

After a methodical approach to security including qualitative or quantitative risk analysis, policy creation, and measured control deployment penetration testing may provide your organization with the additional assurance it needs accept residual risks or allocation additional resources.
KPI will work with your team to scope and execute white-box testing or contract black-box testing of your information infrastructures.

External Attestation

After implementing or assessing a security architecture a statement of attestation from an outside party can assure both internal and external stakeholders of an adequate security posture.
KPI can provide you with an endorsed attestation covering a summary evaluation of your infrastructure. This attestation does not contain specific security findings and is a common way of assuring stakeholders.